Cisco pushes new security software

Cisco last week introduced software products aimed at letting users squash virus and worm traffic at the front door - incoming LAN switch or WAN router ports.

In a joint product/services launch with Trend Micro, Cisco says it will offer a server-based product that can tell Cisco routers and switches to limit the traffic rate or shut down ports on devices if virus or worm activity is detected on a network. The offering will rely on Trend Micro gear that identifies virus signatures. Cisco also launched several security software updates and security management products.

On the data center front, Cisco released the first re-branded product from its acquisition of InfiniBand switch maker TopSpin Communications , with its Server Fabric Switch and VframeTM software for managing virtualized server images connected to the device.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Cisco last week introduced software products aimed at letting users squash virus and worm traffic at the front door - incoming LAN switch or WAN router ports.

In a joint product/services launch with Trend Micro, Cisco says it will offer a server-based product that can tell Cisco routers and switches to limit the traffic rate or shut down ports on devices if virus or worm activity is detected on a network. The offering will rely on Trend Micro gear that identifies virus signatures. Cisco also launched several security software updates and security management products.

On the data center front, Cisco released the first re-branded product from its acquisition of InfiniBand switch maker TopSpin Communications , with its Server Fabric Switch and VframeTM software for managing virtualized server images connected to the device.

The security offering consists of Cisco's Incident Control System (ICS) server, software that communicates with a virus/worm updating service from Trend Micro. ICS, which runs on Windows servers, receives updates on the latest malware definitions and signatures from Trend Micro, and communicates with Cisco intrusion-prevention system (IPS ) gear on a network. If the IPS detects virus traffic, the ICS is triggered and distributes access control lists (ACL) to compatible Cisco switches and routers on the network.

For instance, if the ICS receives notice of a worm that uses Port 80 as an attack method, ACLs to rate-limit or block Port 80 traffic can be blasted to all network gear, locking out potential infected traffic.

This system was tested by Simpler-Webb, an Austin, Texas, integrator of Cisco products and a provider of managed services based on Cisco gear.

"Technically, it's very simple to set up," said Jeff Simpler, Simpler-Webb CEO. "It could be a very effective tool for minimizing damage" from attacks such as the recent Zotob worm, because the ICS distributes ACLs to network gear quicker than if administrators had to configure equipment individually.

"There is a question as to whether you'd want to deploy protection-based filtering on a switch," Simpler adds. "Say a worm takes advantage of an application running on a well-known port. Then if you use ICS to filter all traffic on that port, you've just created your own little DoS attack on yourself."

Other security gear in Cisco's launch includes an update to the Cisco Security Monitoring, Analysis and Response System (CMARS), a software management tool for monitoring security events on network gear. The update to the product lets Cisco routers and switches receive signals to activate pre-installed ACLs for certain worms in case that worm activity is detected on a network. This can save time for users by automatically updating network gear, Cisco says.

While ICS and CMARS gear fall under Cisco's Secure Architecture for Enterprises blueprint, Cisco says the technology is not part of its ongoing Network Admission Control (NAC) technology, which uses third-party anti-virus/system-verification software to block unsafe client machines from access to a LAN or WAN.